ComboFix 11-06-22.05 - Anne Lise 23-06-2011 17:35:10.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.45.1030.18.1978.964 [GMT 2:00]
Kører fra: c:\users\Anne Lise\Downloads\ComboFix.exe
Kommandoer benyttet :: c:\users\Anne Lise\Desktop\Ny mappe\CFScript.odt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0406.exe
.
.
((((((((((((((((((((((((((((( Filer skabt fra 2011-05-23 til 2011-06-23 )))))))))))))))))))))))))))))))))))
.
.
2011-06-23 16:03 . 2011-06-23 16:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-23 16:03 . 2011-06-23 16:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 15:12 . 2011-06-23 15:25 -------- d-----w- C:\32788R22FWJFW
2011-06-21 17:36 . 2011-06-21 17:36 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-21 16:15 . 2011-06-21 16:15 -------- d-----w- c:\program files\IObit
2011-06-21 16:13 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A31CE778-CDA7-4293-8C83-5A8D9D82FFB1}\mpengine.dll
2011-06-16 09:52 . 2011-04-30 06:09 758784 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2011-06-16 09:52 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 09:52 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 09:52 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 09:52 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-04 15:39 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d2f11d8b-3eb5-4b42-9511-370dbec707fb}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-01-04 15:08 3911776 ----a-w- c:\program files\uTorrentBar\tbuTo1.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
2010-11-13 20:58 3913000 ----a-w- c:\program files\Oryte_Games_1.15\tbOryt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d2f11d8b-3eb5-4b42-9511-370dbec707fb}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D2F11D8B-3EB5-4B42-9511-370DBEC707FB}"= "c:\program files\Oryte_Games_1.15\tbOryt.dll" [2010-11-13 3913000]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-13 3913000]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTo1.dll" [2011-01-04 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d2f11d8b-3eb5-4b42-9511-370dbec707fb}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0BB]
@="{BC7D00C5-9CDE-4F36-99EA-F759F01A9F87}"
[HKEY_CLASSES_ROOT\CLSID\{BC7D00C5-9CDE-4F36-99EA-F759F01A9F87}]
2010-02-01 15:28 129536 ----a-w- c:\program files\BuddyBackup\BBShellPlugin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1BB]
@="{A325B20C-FE16-4F1D-9385-DA3D2F4C4D1A}"
[HKEY_CLASSES_ROOT\CLSID\{A325B20C-FE16-4F1D-9385-DA3D2F4C4D1A}]
2010-02-01 15:28 129536 ----a-w- c:\program files\BuddyBackup\BBShellPlugin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2BB]
@="{44A21A60-4225-4E0F-A189-98AED6F43B05}"
[HKEY_CLASSES_ROOT\CLSID\{44A21A60-4225-4E0F-A189-98AED6F43B05}]
2010-02-01 15:28 129536 ----a-w- c:\program files\BuddyBackup\BBShellPlugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-11 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-31 399736]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2011-01-13 156672]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2009-11-25 104408]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\users\Anne Lise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BuddyBackup.lnk - c:\program files\BuddyBackup\BuddyBackup.exe [2011-2-7 8828224]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-30 16:00 77824 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2009-11-25 13:42 292824 ----a-w- c:\program files\Registry Mechanic\RMTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-11 07:39 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Tjenesten Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Tjeneste (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 53592]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Mouse Driver\KMWDSrv.exe [2008-03-28 208896]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-09 632792]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-04-26 361808]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
S3 SPCP825K;Sunplus Serial port driver;c:\windows\system32\DRIVERS\SPCP825K.sys [2010-10-08 33352]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Indhold af mappen 'Planlagte Opgaver'
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:25]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:25]
.
2011-05-18 c:\windows\Tasks\HPCeeScheduleForAnne Lise.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-03 22:14]
.
.
------- Yderligere scanning -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=da_dk&c=83&bd=Presario&pf=cnnb
IE: &AOL Toolbar-søgning - c:\programdata\AOL\ieToolbar\resources\da-DK\local\search.html
IE: Google Sidewiki ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 193.162.153.164 192.168.0.1
.
- - - - TOMME GENVEJE FJERNET - - - -
.
AddRemove-My Little Pony - c:\windows\IsUn0406.exe
AddRemove-Peter Plys Skolestart - c:\windows\IsUn0406.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 18:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanner skjulte processer ...
.
scanner skjulte autostarter ...
.
scanner skjulte filer ...
.
scanning gennemført med succes
skjulte filer: 0
.
**************************************************************************
.
--------------------- LÅSTE REGISTRERINGS NØGLER ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Gennemført tid: 2011-06-23 18:16:53
ComboFix-quarantined-files.txt 2011-06-23 16:16
ComboFix2.txt 2011-01-06 17:11
ComboFix3.txt 2011-01-03 20:29
ComboFix4.txt 2010-10-26 22:15
ComboFix5.txt 2011-06-23 15:11
.
Pre-Kørsel: 125.072.252.928 byte ledig
Post-Kørsel: 124.674.007.040 byte ledig
.
Current=1 Default=1 Failed=0 LastKnownGood=53 Sets=1,2,3,4,5,6,7,8,9,53
- - End Of File - - 4B5260F9FE02D564E4461E64674D0500